The problem can be corrected by upgrading the affected package toversion 2.0.2b1-2ubuntu0.1 (for Ubuntu 4.10), 2.0.2b1-5ubuntu0.1 (forUbuntu 5.04), or 2.0.2b1-6ubuntu0.1 (for Ubuntu 5.10). After astandard system upgrade you need to restart the Apache 2 server toeffect the necessary changes:

sudo /etc/init.d/apache2 restart

Details follow:

Several format string vulnerabilities were discovered in the errorlogging handling. By sending specially crafted user names, anunauthenticated remote attacker could exploit this to crash the Apacheserver or possibly even execute arbitrary code with the privileges ofApache (user 'www-data').